Passwords and pain. Mention one of those words and the other probably jumps to your mind.
Everyone hates passwords. How many there are, the number of times we are asked to enter them, the complexity rules… we want to yell “Enough already! Make it stop!”
The truth is we aren’t annoyed by passwords themselves, but rather by the way we have to use them in order to stay secure. In an ideal world we would never have to change our password, would only have to enter it once a day (period!), and wouldn’t need a different password for each site.
While that may never be realistic, there are easier ways of making passwords simple and secure at the same time.
Why we need passwords
Passwords are a necessary evil because they are the key to the lock that protects our accounts and our information. If passwords are easy to guess, your account is easy to get into. While this might not be a big deal for your gym membership website, it is a big deal for your bank account.
If someone cancels your rarely used gym membership without your permission, they may be doing you a favor! If they get into your bank account and wipe out all your money, that would affect your life.
What makes a strong password
The old recommendation for password strength was complexity. We have been beaten over and over into choosing passwords that don’t make sense. Not only that, but the rules vary between sites! One site requires a minimum of 6 characters, another 8. Another requires a capital letter, but yet another one requires a special character instead.
Why the difference in rules? It’s because the password rules are chosen by each company, website or program. There isn’t a standard for what “complex” actually means.
To cope with these made-up rules, we do things like replace an “o” with a zero, or an “i” with a 1, so the passwords stay easy to remember. While it helps meet these random requirements, it doesn’t make the password more secure because… everyone else does the same thing, and hackers know it.
So if what we are doing is insecure, why do we still do it? I think it comes down to two reasons. The first is that people don’t like change. The second is that the rules seem to change all the time, so why should we bother?
Well, the truth is that one recommendation has stayed the same over the years: password length.
Passwords vs Passphrases
The reason length reigns supreme is that the longer a password is, the longer it takes to guess. Take, for example, the passwords “password” and “PassW0rd”. Which one is more secure? The second one is, but only slightly. It would take a few seconds to a few minutes to randomly guess either password. Educated guesses, called dictionary attacks, will bring the guessing time down to nearly nothing.
We should be using passphrases, instead of passwords. A passphrase is a sentence that acts as a password. Passphrases have the advantage of being easy to remember and extremely secure. If we change the example to “this is my new password”, the amount of time it would take to guess it grows from seconds to billions of years or more.
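The comparison above can be worked through in a few lines. This is an added example, not code from the original post: the guess rate, the tiny word list and the substitution table are assumptions made for illustration, and it models only character-by-character guessing plus a common-password lookup.

```python
import string

GUESSES_PER_SECOND = 1e12  # assumption: attacker speed, not a figure from the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample list; real guessing lists hold millions of entries.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "iloveyou"}

# Undo the swaps the article mentions (0 for o, 1 for i) and a few similar ones.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})

# Character classes a random guesser has to cover if the password uses them.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, " ", string.punctuation]


def charset_size(pw):
    """Alphabet size implied by the character classes present in pw."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))


def brute_force_seconds(pw):
    """Worst-case time to try every string of this length over that alphabet."""
    return charset_size(pw) ** len(pw) / GUESSES_PER_SECOND


def in_dictionary(pw):
    """True if pw is a common password once case and leet swaps are undone."""
    return pw.lower().translate(LEET) in COMMON_PASSWORDS


def describe(pw):
    """One-line verdict combining the dictionary check and the brute-force estimate."""
    if in_dictionary(pw):
        return f"{pw!r}: on the common-password list, guessed almost at once"
    secs = brute_force_seconds(pw)
    if secs < SECONDS_PER_YEAR:
        return f"{pw!r}: about {secs:,.1f} seconds of random guessing"
    return f"{pw!r}: about {secs / SECONDS_PER_YEAR:.1e} years of random guessing"


if __name__ == "__main__":
    for candidate in ("password", "PassW0rd", "this is my new password"):
        print(describe(candidate))
        print(f"    random guessing alone: {brute_force_seconds(candidate):.3g} s")
```

Both short passwords are caught by the dictionary check before length matters at all, while the passphrase falls through to the random-guessing estimate, where its 23 characters dominate the result.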
Combating Data Breaches
We can’t have a discussion about passwords without talking about why we need to use different passwords for each site. If a website has a data breach, meaning account information is made public, every other site that uses the same username and password is at risk.
Most people change their password on the site that had the breach, but they forget about other sites where they’ve used the same password. To make sure a data breach will only affect your account on a single site, you have to use a different password for each one.
Adding Up the Pain
At this point, we understand complexity, length and the reason for using different passwords for each site.
We understand that passphrases are more secure and easier to remember than random passwords and that they ease some pain.
But not all pain.
While passphrases are great, you still need a different one for each site to protect against a data breach. Not only that, some websites are behind the times and will not allow you to use passphrases because of “their rules”. Some things you might run into:
- The passphrase is too long
- You don’t have any special characters !@#%^}{
- You didn’t use a number
- etc.
What a pain!
So What’s the Password Cure?
To ease the suffering you need a Password Manager. If you’ve never heard of them, your life is about to change!
Password managers always have these two core things in common:
- They store all of your passwords in a central and secure location
- They let you use a single master password to gain access to all of the other passwords
Just these two features alone are enough to save you a ton of time and headaches.
But wait, there’s more!
The truth is, password managers offer more benefits than just the two already mentioned. While features vary between apps, you can expect to find other benefits such as:
- Typing your password in websites “automagically”
- Creating random and strong passwords for each site
- Notifying you to change your password due to a data breach
- Storing other information for easy use such as credit card numbers
- And many, many more features
Options
There are many options available depending on your preference. Vendors include:
What I Use
Personally, I use Dashlane. It’s a solid solution that has a ton of features. My favorite is the ability to share my passwords across all of my devices AND with my spouse.
Conclusion
Passwords are necessary to protect our information and keep our private data private. They don’t have to be a pain though. There are ways to simplify the process and reduce the pain by using passphrases and password managers.
(Psst… If you’d like to see a review of the top managers, leave a comment below and let me know!)